<?php 
//20090211
// fix: lastseen tried to update incorrect table
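// HTML for the login box: the account menu when logged in, the login form otherwise.
$SITE_LOGIN = "";

// Session token supplied by the client. Start from a known-empty value so the
// checks further down never read an undefined variable (or, on hosts where
// register_globals is still enabled, one injected from the request).
$sig = "";

// Only accept scalar strings; "sig[]=x" would otherwise hand an array to escapestr().
if (isset($_COOKIE['sig']) && is_string($_COOKIE['sig'])) {
	$sig = escapestr($_COOKIE['sig']);
}
// for xml api support: a token in the query string overrides the cookie.
// NOTE(review): tokens passed in URLs end up in access logs, browser history and
// Referer headers; prefer a request header or POST field for API clients.
if (isset($_GET['sig']) && is_string($_GET['sig'])) {
	$sig = escapestr($_GET['sig']);
}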


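 // Password login. Runs only when no session token came with the request and
 // both a name and a password were submitted as plain strings.
 // NOTE(review): $_REQUEST also accepts credentials from the query string, where
 // they can end up in logs and browser history; restrict this to $_POST once it
 // is confirmed that no client (e.g. the xml api) logs in via GET.
 // NOTE(review): there is no attempt limiting here; failed logins are unbounded.
 if (empty($sig)
	&& !empty($_REQUEST['name']) && is_string($_REQUEST['name'])
	&& !empty($_REQUEST['password']) && is_string($_REQUEST['password'])) {
	$name = escapestr(mb_strtolower($_REQUEST['name'], "UTF-8"));
	// NOTE(review): unsalted MD5 is not a password hash; a leaked users table can
	// be cracked offline cheaply. Moving to password_hash()/password_verify()
	// needs an upgrade path for the stored hashes, so it is not changed here.
	$hash = md5($_REQUEST['password']);

	// $hash is a hex digest; $name relies on escapestr() doing SQL escaping
	// (presumably a mysql_real_escape_string wrapper - confirm).
	$query  = "SELECT * from users where name='" . $name . "' and password ='" . $hash . "'";
	$result = mysql_query($query);

	// A failed query ($result === false) is treated like a bad login instead of
	// raising a warning from mysql_num_rows().
	if ($result && mysql_num_rows($result)) {
		$profileinfo = mysql_fetch_assoc($result);
		if ($profileinfo['status'] == 0) {
			// Account exists but has not been verified yet: no session is created.
			$SITE_MIDDLE .= FormatElement(GetLangString($lang, "txt_notverified"), GetLangString($lang, "msg_notverified"));
		} else {
			// Prefer the language stored in the profile over the current one.
			if ($profileinfo['lang']) {
				$lang = $profileinfo['lang'];
				setcookie("lang", "$lang", time() + 2500000);
			}
			$id = $profileinfo['id'];

			// The token is the only credential checked on later requests, so it has
			// to be unguessable. The previous md5(time() . $name) could be derived
			// from the user name and the login time. All variants below yield 32 hex
			// characters, the same shape as the old md5() token.
			if (function_exists('random_bytes')) {
				$sig = bin2hex(random_bytes(16));
			} elseif (function_exists('openssl_random_pseudo_bytes')) {
				$sig = bin2hex(openssl_random_pseudo_bytes(16));
			} else {
				// Last resort on very old runtimes; not cryptographically strong.
				$sig = md5(uniqid(mt_rand(), true) . time() . $name);
			}
			// NOTE(review): cookie is set without the HttpOnly/Secure flags; add them
			// once it is confirmed that no client-side script reads the token.
			setcookie("sig", $sig, time() + 2500000);

			$agent = escapestr(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "");
			// Escaped like every other interpolated value, even though it is set by the server.
			$ip    = escapestr($_SERVER['REMOTE_ADDR']);
			$now   = time();
			$query = "INSERT INTO login (sig,id,time,lastseen,ip,agent) VALUES ('" . $sig . "','" . $id . "','" . $now . "','" . $now . "','" . $ip . "','" . $agent . "')";
			$result = mysql_query($query);
			$SITE_MIDDLE .= FormatElement(GetLangString($lang, "txt_login"), GetLangString($lang, "msg_login"));
		}
	} else {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang, "txt_login"), GetLangString($lang, "msg_badpass"));
		$badpass = true;
	}
 }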


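// Session check: resolve the token to a user id through the login table, refresh
// the cookies and the lastseen stamp, then load the user row. Any failure clears
// both $sig and the client's cookie.
// NOTE(review): the lookup matches on sig only and never checks the age of the
// login row, so a token stays valid for as long as the row exists; consider
// rejecting rows whose lastseen is older than the cookie lifetime.
if (!empty($sig)) {
	$sig = escapestr($sig); // better safe than sorry
	$query  = "SELECT id from login where sig='" . $sig . "'";
	$result = mysql_query($query);

	// $result is false when the query itself failed; treat that as an unknown token.
	if ($result && mysql_num_rows($result)) {
		$id = mysql_result($result, 0);

		// Sliding expiry: both cookies are re-issued on every authenticated request.
		// NOTE(review): cookies are set without the HttpOnly/Secure flags.
		setcookie("sig", $sig, time() + 2500000);
		setcookie("lang", "$lang", time() + 2500000);

		$query  = "UPDATE login set lastseen ='" . time() . "' where sig='" . $sig . "'";
		$result = mysql_query($query);

		// $id comes from the login table, not from the request.
		$query  = "SELECT * from users where id='" . $id . "'";
		$result = mysql_query($query);

		if ($result && mysql_num_rows($result)) {
			$userinfo = mysql_fetch_array($result);
			$name = $userinfo['name'];
		} else {
			// login row points at a user that no longer exists
			$sig = "";
			setcookie('sig', '', time() - 3600);
		}
	} else {
		// invalid cookie
		$sig = "";
		setcookie('sig', '', time() - 3600);
	}
}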

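// Account menu for a logged-in user. $sig is required as well: it is non-empty
// here only after the session check accepted it, so $name/$id values that did not
// come from that check (e.g. injected on a register_globals host) are ignored.
if (!empty($sig) && !empty($name) && !empty($id)) {
	$str ="
			<a href=index.php?do=profile>"		.GetLangString($lang,"txt_ownprofile")	."</a><br>
			<a href=index.php?do=control>"		.GetLangString($lang,"txt_personalpage")			."</a><br>
			<a href=index.php?do=pm>"					.GetLangString($lang,"txt_pms")					."</a> ";

	// Count shown next to the PM link under the "txt_new" label.
	// $id is interpolated unquoted, so force it to an integer before it reaches SQL.
	$query  = "SELECT * from comments where `to`=" . (int) $id . " and (type=2 or type=0)";
	$result = mysql_query($query);
	if ($result && mysql_num_rows($result)) {
		$str .= "(" . mysql_num_rows($result) . " " . GetLangString($lang, "txt_new") . ")";
	}
	$str .="<br>";

	// Role links: status is a bit field tested against the $STA_* masks.
	// NOTE(review): these only hide links; the admin/mod/djpanel pages must
	// enforce the same status checks themselves.
	if ($userinfo['status'] & $STA_ADMIN) {
		$str .= "<a href=index.php?do=admin>" . GetLangString($lang, "txt_adminpanel") . "</a><br>";
	}
	if ($userinfo['status'] & $STA_MOD) {
		$str .= "<a href=index.php?do=mod>" . GetLangString($lang, "txt_modpanel") . "</a><br>";
	}
	if ($userinfo['status'] & $STA_DJ) {
		$str .= "<a href=index.php?do=djpanel>" . GetLangString($lang, "txt_djpanel") . "</a><br>";
	}

	// NOTE(review): logout is a plain GET link, so any page can trigger it
	// cross-site; low impact, but worth a POST + token if CSRF protection is added.
	$str .="	<a href=index.php?do=logout>".GetLangString($lang,"txt_logout")."</a><br>";
	// NOTE(review): the user name goes into the heading without HTML escaping
	// here. Unless names are restricted at signup or FormatSmallElement()
	// escapes its first argument, this is a stored-XSS sink - confirm.
	$loggedinas = str_ireplace("%name%", $userinfo['name'], GetLangString($lang, "txt_loggedinas"));
	$SITE_LOGIN .= FormatSmallElement($loggedinas, $str);
}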


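// No valid session: show an optional message followed by the login and signup forms.
if (empty($sig)) {
	// The 'mes' cookie is client-controlled, so it is HTML-escaped before it is
	// placed in the page. If the site itself stores markup in this cookie, the
	// message should move to server-side state rather than being echoed raw.
	if (isset($_COOKIE['mes']) && is_string($_COOKIE['mes'])) {
		$SITE_LOGIN = $SITE_LOGIN . htmlspecialchars($_COOKIE['mes'], ENT_QUOTES, "UTF-8");
	}
	// NOTE(review): the login form carries no CSRF token and, unless the site is
	// HTTPS-only, posts the password in clear text.
	// The signup button's value is now quoted so multi-word labels render intact.
	$SITE_LOGIN .= FormatSmallElement(GetLangString($lang,"txt_login"), "<form method=\"POST\" ACTION=\"index.php\">
		".GetLangString($lang,"txt_name")."<br>
		<input name=\"name\" type=\"text\"><br>
		".GetLangString($lang,"txt_password")."<br><input name=\"password\" type=\"password\"><br>
		<input value=\"". GetLangString($lang,"txt_login")."\" name = \"login\" type=\"submit\">
	</form><form action='index.php?do=signup' method='post'><input type='submit' value=\"".GetLangString($lang,"txt_signup")."\"></form>
".GetLangString($lang,"txt_pleaselogin"));
}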

?>
